$OpenBSD: patch-kcontrol_crypto_crypto_cpp,v 1.4 2015/08/29 15:39:55 zhuk Exp $

Allow building against OpenSSL without SSLv2 and SSLv3 support.

--- kcontrol/crypto/crypto.cpp.orig	Sun Oct  1 21:31:49 2006
+++ kcontrol/crypto/crypto.cpp	Sat Aug 29 04:24:59 2015
@@ -272,33 +272,14 @@ QString whatstr;
                  " replaced SSL in protocols such as POP3 and SMTP.");
   QWhatsThis::add(mUseTLS, whatstr);
 
-  mUseSSLv2 = new QCheckBox(i18n("Enable SSLv&2"), tabSSL);
-  connect(mUseSSLv2, SIGNAL(clicked()), SLOT(configChanged()));
-  grid->addWidget(mUseSSLv2, 1, 0);
-  whatstr = i18n("SSL v2 is the second revision of the SSL protocol."
-                " It is most common to enable v2 and v3.");
-  QWhatsThis::add(mUseSSLv2, whatstr);
-
   mUseSSLv3 = new QCheckBox(i18n("Enable SSLv&3"), tabSSL);
   connect(mUseSSLv3, SIGNAL(clicked()), SLOT(configChanged()));
   grid->addWidget(mUseSSLv3, 1, 1);
   whatstr = i18n("SSL v3 is the third revision of the SSL protocol."
-                " It is most common to enable v2 and v3.");
+                " It is most common to enable v3.");
   QWhatsThis::add(mUseSSLv3, whatstr);
 
-#ifdef HAVE_SSL
-  SSLv2Box = new QListView(tabSSL, "v2ciphers");
-  (void) SSLv2Box->addColumn(i18n("SSLv2 Ciphers to Use"));
-  whatstr = i18n("Select the ciphers you wish to enable when using the"
-                " SSL v2 protocol. The actual protocol used will be"
-                " negotiated with the server at connection time.");
-  QWhatsThis::add(SSLv2Box, whatstr);
-  SSLv2Box->setSelectionMode(QListView::NoSelection);
-
-  grid->addWidget( SSLv2Box, 2, 0 );
-  connect( mUseSSLv2, SIGNAL( toggled( bool ) ),
-	   SSLv2Box, SLOT( setEnabled( bool )));
-#else
+#ifndef HAVE_SSL
   QLabel *nossllabel = new QLabel(i18n("SSL ciphers cannot be configured"
                                " because this module was not linked"
                                " with OpenSSL."), tabSSL);
@@ -876,9 +857,6 @@ void KCryptoConfig::load( bool useDefaults )
   config->setGroup("TLS");
   mUseTLS->setChecked(config->readBoolEntry("Enabled", true));
 
-  config->setGroup("SSLv2");
-  mUseSSLv2->setChecked(config->readBoolEntry("Enabled", true));
-
   config->setGroup("SSLv3");
   mUseSSLv3->setChecked(config->readBoolEntry("Enabled", true));
 
@@ -913,23 +891,14 @@ void KCryptoConfig::load( bool useDefaults )
   oPath->setURL(config->readPathEntry("Path"));
 #endif
 
-  config->setGroup("SSLv2");
-  CipherItem *item = static_cast<CipherItem *>(SSLv2Box->firstChild());
-  while ( item ) {
-      item->setOn(config->readBoolEntry(item->configName(),
-					item->bits() >= 56));
-      item = static_cast<CipherItem *>(item->nextSibling());
-  }
-
   config->setGroup("SSLv3");
-  item = static_cast<CipherItem *>(SSLv3Box->firstChild());
+  CipherItem *item = static_cast<CipherItem *>(SSLv3Box->firstChild());
   while ( item ) {
       item->setOn(config->readBoolEntry(item->configName(),
 					item->bits() >= 56));
       item = static_cast<CipherItem *>(item->nextSibling());
   }
 
-  SSLv2Box->setEnabled( mUseSSLv2->isChecked() );
   SSLv3Box->setEnabled( mUseSSLv3->isChecked() );
 
   QStringList groups = policies->groupList();
@@ -1030,8 +999,7 @@ void KCryptoConfig::load( bool useDefaults )
 void KCryptoConfig::save()
 {
 #ifdef HAVE_SSL
-  if (!mUseSSLv2->isChecked() &&
-      !mUseSSLv3->isChecked())
+  if (!mUseSSLv3->isChecked())
     KMessageBox::information(this, i18n("If you do not select at least one"
                                        " SSL algorithm, either SSL will not"
                                        " work or the application may be"
@@ -1041,9 +1009,6 @@ void KCryptoConfig::save()
   config->setGroup("TLS");
   config->writeEntry("Enabled", mUseTLS->isChecked());
 
-  config->setGroup("SSLv2");
-  config->writeEntry("Enabled", mUseSSLv2->isChecked());
-
   config->setGroup("SSLv3");
   config->writeEntry("Enabled", mUseSSLv3->isChecked());
 
@@ -1072,25 +1037,8 @@ void KCryptoConfig::save()
 #endif
 
   int ciphercount = 0;
-  config->setGroup("SSLv2");
-  CipherItem *item = static_cast<CipherItem *>(SSLv2Box->firstChild());
-  while ( item ) {
-    if (item->isOn()) {
-      config->writeEntry(item->configName(), true);
-      ciphercount++;
-    } else config->writeEntry(item->configName(), false);
-
-    item = static_cast<CipherItem *>(item->nextSibling());
-  }
-
-  if (mUseSSLv2->isChecked() && ciphercount == 0)
-    KMessageBox::information(this, i18n("If you do not select at least one"
-                                       " cipher, SSLv2 will not work."),
-                                   i18n("SSLv2 Ciphers"));
-
-  ciphercount = 0;
   config->setGroup("SSLv3");
-  item = static_cast<CipherItem *>(SSLv3Box->firstChild());
+  CipherItem *item = static_cast<CipherItem *>(SSLv3Box->firstChild());
   while ( item ) {
     if (item->isOn()) {
       config->writeEntry(item->configName(), true);
@@ -1251,18 +1199,12 @@ void KCryptoConfig::slotSelectCipher(int id) {
 void KCryptoConfig::cwCompatible() {
   #ifdef HAVE_SSL
   CipherItem *item;
-  for ( item = static_cast<CipherItem *>(SSLv2Box->firstChild()); item;
-	item = static_cast<CipherItem *>(item->nextSibling()) ) {
-    item->setOn( item->bits() >= 56 && item->bits() <= 128 );
-  }
-
   for ( item = static_cast<CipherItem *>(SSLv3Box->firstChild()); item;
 	item = static_cast<CipherItem *>(item->nextSibling()) ) {
     item->setOn( item->bits() >= 56 && item->bits() <= 128 );
   }
 
   mUseTLS->setChecked(true);
-  mUseSSLv2->setChecked(true);
   mUseSSLv3->setChecked(true);
   configChanged();
   #endif
@@ -1272,11 +1214,6 @@ void KCryptoConfig::cwCompatible() {
 void KCryptoConfig::cwUS() {
   #ifdef HAVE_SSL
   CipherItem *item;
-  for ( item = static_cast<CipherItem *>(SSLv2Box->firstChild()); item;
-	item = static_cast<CipherItem *>(item->nextSibling()) ) {
-    item->setOn( item->bits() >= 128 );
-  }
-
   for ( item = static_cast<CipherItem *>(SSLv3Box->firstChild()); item;
 	item = static_cast<CipherItem *>(item->nextSibling()) ) {
     item->setOn( item->bits() >= 128 );
@@ -1290,11 +1227,6 @@ void KCryptoConfig::cwUS() {
 void KCryptoConfig::cwExp() {
   #ifdef HAVE_SSL
   CipherItem *item;
-  for ( item = static_cast<CipherItem *>(SSLv2Box->firstChild()); item;
-	item = static_cast<CipherItem *>(item->nextSibling()) ) {
-    item->setOn( item->bits() <= 56 && item->bits() > 0);
-  }
-
   for ( item = static_cast<CipherItem *>(SSLv3Box->firstChild()); item;
 	item = static_cast<CipherItem *>(item->nextSibling()) ) {
     item->setOn( item->bits() <= 56 && item->bits() > 0);
@@ -1308,18 +1240,12 @@ void KCryptoConfig::cwExp() {
 void KCryptoConfig::cwAll() {
   #ifdef HAVE_SSL
   CipherItem *item;
-  for ( item = static_cast<CipherItem *>(SSLv2Box->firstChild()); item;
-	item = static_cast<CipherItem *>(item->nextSibling()) ) {
-    item->setOn( true );
-  }
-
   for ( item = static_cast<CipherItem *>(SSLv3Box->firstChild()); item;
 	item = static_cast<CipherItem *>(item->nextSibling()) ) {
     item->setOn( true );
   }
 
   mUseTLS->setChecked(true);
-  mUseSSLv2->setChecked(true);
   mUseSSLv3->setChecked(true);
   configChanged();
   #endif
@@ -2321,12 +2247,11 @@ bool KCryptoConfig::loadCiphers() {
 unsigned int i;
 SSL_CTX *ctx;
 SSL *ssl;
-SSL_METHOD *meth;
+const SSL_METHOD *meth;
 
-  SSLv2Box->clear();
   SSLv3Box->clear();
 
-  meth = SSLv2_client_method();
+  meth = SSLv23_client_method();
   SSLeay_add_ssl_algorithms();
   ctx = SSL_CTX_new(meth);
   if (ctx == NULL) return false;
@@ -2337,35 +2262,7 @@ SSL_METHOD *meth;
   CipherItem *item;
   for (i=0; ; i++) {
     int j, k;
-    SSL_CIPHER *sc;
-    sc = (meth->get_cipher)(i);
-    if (!sc)
-      break;
-    // Leak of sc*?
-    QString scn(sc->name);
-    if (scn.contains("ADH-") || scn.contains("NULL-") || scn.contains("DES-CBC3-SHA") || scn.contains("FZA-")) {
-      continue;
-    }
-    k = SSL_CIPHER_get_bits(sc, &j);
-
-    item = new CipherItem( SSLv2Box, sc->name, k, j, this );
-  }
-
-  if (ctx) SSL_CTX_free(ctx);
-  if (ssl) SSL_free(ssl);
-
-  // We repeat for SSLv3
-  meth = SSLv3_client_method();
-  SSLeay_add_ssl_algorithms();
-  ctx = SSL_CTX_new(meth);
-  if (ctx == NULL) return false;
-
-  ssl = SSL_new(ctx);
-  if (!ssl) return false;
-
-  for (i=0; ; i++) {
-    int j, k;
-    SSL_CIPHER *sc;
+    const SSL_CIPHER *sc;
     sc = (meth->get_cipher)(i);
     if (!sc)
       break;
